An environment like LAN - PAN - Proxy - Router - Internet
is there a way to block everything but allow just skype.No web browsing, nothing allowed except skype.
I tried some rules but skype couldn't connect.
Try a rule allowing only skype and ssl, destinated to Any, with url filtering blocking everything but allowing *.skype.com in the whitelist, followed by a rule Deny Any/Any.
Keep an eye on the monitor tab and try to use skype and see if you can identify what application and destination is being blocked from your test workstation and fine tune the rule.
If even then it doesn't work, let us know.
If you allow SSL and URL filtering but you don't intercept/decrypt SSL, won't that not work? Or will PA try to match based on the certificate?
Also make sure you allow skype-probe too in your App column (or I guess PANOS 5 handles app dependencies automagically, so it won't be an issue). Doesn't hurt to have it explicitly defined though
So the proxy's denying the traffic? Is the proxy transparent (ex. is it using WCCP?) Or do you explicitly define the proxy on your clients? The Skype client might need to be told about the proxy server in that case.
Allow web browsing via your proxy in one rule and add separate rule which allows skype and skype-probe without proxy (I mean destination is any IP on the outside). Skype also supports configuration for proxy server, so this can also be used as a solution.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!